package com.atguigu.crowd.filter;

import com.atguigu.crowd.constant.AccessPassResources;
import com.atguigu.crowd.constant.CrowdConstant;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

@Component
public class CrowdAccessFilter extends ZuulFilter {


    @Override
    public String filterType() {

        //这里返回“pre”意思是在目标微服务之前执行过滤
        return "pre";
    }

    @Override
    public int filterOrder() {
        return 0;
    }

    @Override
    public boolean shouldFilter() {

        //1、获取RequestContext对象
        RequestContext currentContext = RequestContext.getCurrentContext();
        //2、通过requestContext对象获取当前请求的对象（框架底层是借助ThreadLocal从当前线程上获取事先绑定的request对象）
        HttpServletRequest request = currentContext.getRequest();

        //3、获取servletPath值
        String servletPath = request.getServletPath();

        //4、根据servletpath判断当前请求是否对应可以直接放行的特定功能
        if (AccessPassResources.PASS_RES_SET.contains(servletPath)) return false;

        //5、判断当前请求是否为静态资源
        if (AccessPassResources.judgeIsStaticResource(servletPath)) return false;

        return true;
    }

    @Override
    public Object run() throws ZuulException {

        //1、获取当前请求对象
        RequestContext currentContext = RequestContext.getCurrentContext();
        HttpServletRequest request = currentContext.getRequest();

        //2、获取当前session对象
        HttpSession session = request.getSession();

        //3、尝试从session对象中获取已登录的用户
        Object member = session.getAttribute(CrowdConstant.ATTR_NAME_LOGIN_MEMBER);

        //4、判断member是否为空
        if(member==null){
            //5、从requestcontext对象中获取response对象
            HttpServletResponse response = currentContext.getResponse();
            //6、将提示消息存入session域
            session.setAttribute(CrowdConstant.ATTR_NAME_MESSAGE,CrowdConstant.MESSAGE_ACCESS_FORBIDDEN);
            //7、重定向到auth-consumer工程中的登录页面
            try {
                response.sendRedirect("/auth/to/member/login/page.html");
            } catch (IOException e) {
                e.printStackTrace();
            }
        }

        return null;
    }
}
